Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4606 vulnerabilities reference this CWE, most recent first.

GHSA-W76H-8M22-HPGH

Vulnerability from github – Published: 2026-03-03 18:10 – Updated: 2026-03-20 21:14
VLAI
Summary
OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists
Details

Summary

In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: <= 2026.2.21-2 (latest published at triage time)
  • Fixed in: 2026.2.22 (planned next release)

Impact

Attackers able to supply or influence attachment URLs could force redirect chains to non-allowlisted targets, weakening SSRF boundary controls for MSTeams media ingestion.

Fix Commit(s)

  • 73d93dee64127a26f1acd09d0403b794cdeb4f5c
  • b34097f62df9d1960cc22600269cd3f3284e2124

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.22). Once that npm release is published, this advisory can be published without further version-field edits.

OpenClaw thanks @tdjackey for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32037"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T18:10:12Z",
    "nvd_published_at": "2026-03-19T22:16:39Z",
    "severity": "HIGH"
  },
  "details": "## Summary\nIn OpenClaw MSTeams media download flows, redirect handling could bypass configured `mediaAllowHosts` checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content.\n\n## Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Affected versions: `\u003c= 2026.2.21-2` (latest published at triage time)\n- Fixed in: `2026.2.22` (planned next release)\n\n## Impact\nAttackers able to supply or influence attachment URLs could force redirect chains to non-allowlisted targets, weakening SSRF boundary controls for MSTeams media ingestion.\n\n## Fix Commit(s)\n- `73d93dee64127a26f1acd09d0403b794cdeb4f5c`\n- `b34097f62df9d1960cc22600269cd3f3284e2124`\n\n## Release Process Note\n`patched_versions` is pre-set to the planned next release (`2026.2.22`). Once that npm release is published, this advisory can be published without further version-field edits.\n\nOpenClaw thanks @tdjackey for reporting.",
  "id": "GHSA-w76h-8m22-hpgh",
  "modified": "2026-03-20T21:14:20Z",
  "published": "2026-03-03T18:10:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w76h-8m22-hpgh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32037"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/73d93dee64127a26f1acd09d0403b794cdeb4f5c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/b34097f62df9d1960cc22600269cd3f3284e2124"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-redirect-chain-bypass-of-media-host-allowlist-in-msteams-attachment-handling"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw\u0027s MSTeams attachment redirect handling could bypass configured media host allowlists"
}

GHSA-W76H-Q7C6-JPJP

Vulnerability from github – Published: 2026-05-28 18:27 – Updated: 2026-05-28 18:27
VLAI
Summary
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
Details

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module.

Finding 1 (Critical): SSRF (CWE-918) The HTTPSFetcher._do_fetch() method passes a user-supplied URL directly to requests.get() without validation. This allows an attacker to perform Server-Side Request Forgery, targeting internal services or cloud metadata endpoints (e.g., 169.254.169.254).

Per rule 4.2.11 of the CVE CNA rules Finding 1 will be addressed in this advisory, while findings 2 & 3 will be addressed in separate advisories:


Multiple Path Traversal Vulnerabilities in Remote Fetching Subsystem

Finding 2 & 3 (High/Medium): Path Traversal (CWE-22) The caching logic for HTTPSFetcher and LocalFetcher fails to sanitize URI paths, allowing for arbitrary file reads via file:// or writing cached files outside the intended directory.

Impact: > These vulnerabilities can be chained to exfiltrate sensitive cloud credentials or compromise CI/CD environments.

Reproduction: > Please see the attached poc_ssrf_and_path_traversal.py and terminal_output.txt. 13 exploit vectors have been verified locally.

compliance-trestle_audit_2026-03-30.pdf poc_ssrf_and_path_traversal.py terminal_output.txt

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "compliance-trestle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "compliance-trestle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.12.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46380"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-28T18:27:13Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module.\n\n**Finding 1 (Critical): SSRF (CWE-918)**\nThe HTTPSFetcher._do_fetch() method passes a user-supplied URL directly to requests.get() without validation. This allows an attacker to perform Server-Side Request Forgery, targeting internal services or cloud metadata endpoints (e.g., 169.254.169.254).\n\nPer [rule 4.2.11 of the CVE CNA rules](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-2_CVE_ID_Assignment) Finding 1 will be addressed in this advisory, while findings 2 \u0026 3 will be addressed in separate advisories:\n\n---\n\nMultiple Path Traversal Vulnerabilities in Remote Fetching Subsystem\n\n**Finding 2 \u0026 3 (High/Medium): Path Traversal (CWE-22)**\nThe caching logic for HTTPSFetcher and LocalFetcher fails to sanitize URI paths, allowing for arbitrary file reads via file:// or writing cached files outside the intended directory.\n\nImpact: \u003e These vulnerabilities can be chained to exfiltrate sensitive cloud credentials or compromise CI/CD environments.\n\nReproduction: \u003e Please see the attached poc_ssrf_and_path_traversal.py and terminal_output.txt. 13 exploit vectors have been verified locally.\n\n[compliance-trestle_audit_2026-03-30.pdf](https://github.com/user-attachments/files/26348930/compliance-trestle_audit_2026-03-30.pdf)\n[poc_ssrf_and_path_traversal.py](https://github.com/user-attachments/files/26348820/poc_ssrf_and_path_traversal.py)\n[terminal_output.txt](https://github.com/user-attachments/files/26348821/terminal_output.txt)",
  "id": "GHSA-w76h-q7c6-jpjp",
  "modified": "2026-05-28T18:27:13Z",
  "published": "2026-05-28T18:27:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/oscal-compass/compliance-trestle/security/advisories/GHSA-w76h-q7c6-jpjp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/oscal-compass/compliance-trestle/commit/53de5e75332888ea54f5da41d4c7859bb1d608e1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/oscal-compass/compliance-trestle/commit/5c65c5926fe7ca908b9c1d281f904e7d97ba8310"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/oscal-compass/compliance-trestle"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem"
}

GHSA-W789-49FC-V8HR

Vulnerability from github – Published: 2026-02-26 15:22 – Updated: 2026-02-26 15:22
VLAI
Summary
TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist
Details

Impact

A validation bug allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration.

The validation only checks if a hostname ended with an allowed domain. This meant:

If example.com is allowed in proxyableDomains:

  • ✅ example.com is allowed (correct)
  • ✅ api.example.com is allowed (correct)
  • ⚠️ maliciousexample.com is allowed (incorrect)

An attacker could register maliciousexample.com and proxy content through terriajs-server, bypassing proxy restrictions.

Patches

All versions up to 4.0.2 are affected. Upgrade to 4.0.3 to address the vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "terriajs-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-26T15:22:11Z",
    "nvd_published_at": "2026-02-26T00:16:26Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nA validation bug allows an attacker to proxy domains not explicitly allowed in the `proxyableDomains` configuration.\n\nThe validation only checks if a hostname _ended_ with an allowed domain. This meant:\n\nIf `example.com` is allowed in `proxyableDomains`:\n\n- \u2705 example.com is allowed (correct)\n- \u2705 api.example.com is allowed (correct)\n- \u26a0\ufe0f maliciousexample.com is allowed (incorrect)\n\nAn attacker could register maliciousexample.com and proxy content through `terriajs-server`, bypassing proxy restrictions.\n\n### Patches\nAll versions up to 4.0.2 are affected. Upgrade to 4.0.3 to address the vulnerability.",
  "id": "GHSA-w789-49fc-v8hr",
  "modified": "2026-02-26T15:22:11Z",
  "published": "2026-02-26T15:22:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/TerriaJS/terriajs-server/security/advisories/GHSA-w789-49fc-v8hr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27818"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TerriaJS/terriajs-server/commit/3aaa5d9717162b245ae4569232bbe7d8673c913f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TerriaJS/terriajs-server"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TerriaJS/terriajs-server/releases/tag/4.0.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist"
}

GHSA-W79M-F3JX-779V

Vulnerability from github – Published: 2026-07-15 17:07 – Updated: 2026-07-15 17:07
VLAI
Summary
Koel: Authenticated Blind SSRF via Subsonic Podcast Channel Creation
Details

Summary

Koel v9.6.0 protects the regular podcast subscription API with SafeUrl, but the Subsonic-compatible createPodcastChannel.view route does not apply the same protection. An authenticated user can supply a private URL and cause Koel to fetch it server-side during podcast parsing.

This was validated against v9.6.0 (352ea5ec27fa22294da8fb6beacb3d5552f0d09c) using the official phanan/koel:9.6.0 image.

This is distinct from GHSA-7j2f-6h2r-6cqc, which fixed unsafe episode enclosure URLs in versions <= 9.3.4. The issue here is a newer validation gap in the Subsonic route itself, still present in v9.6.0.

Details

SafeUrl protects the regular podcast API only

The regular podcast subscription path validates the feed URL with SafeUrl:

  • app/Http/Requests/API/Podcast/PodcastStoreRequest.php
return [
    'url' => ['required', 'url', new SafeUrl()],
];

The Subsonic-compatible route does not:

  • routes/subsonic.php
  • createPodcastChannel.view
  • app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php
return [
    'url' => ['required', 'string', 'url'],
];

That creates the same kind of trust-boundary mismatch as the radio issue: the main API rejects private targets, while the compatibility route accepts them.

The URL is fetched immediately by the podcast parser

The attacker-controlled URL is used by the podcast service during channel creation:

  • app/Http/Controllers/Subsonic/CreatePodcastChannelController.php
  • app/Services/Podcast/PodcastService.php

PodcastService::addPodcast() calls:

$parser = $this->createParser($url);

and createParser() resolves to:

return Poddle::fromUrl($url, 5 * 60, $this->client);

This means the SSRF happens as part of the channel creation flow itself. No separate playback step is needed.

This bypasses Koel's intended SSRF control for podcast URLs

Koel already added SafeUrl to the regular podcast API and has already published a podcast-related SSRF advisory. The Subsonic route does not reuse that same control, so it reintroduces a server-side fetch primitive for private destinations.

PoC

The following steps were validated against the official phanan/koel:9.6.0 image.

  1. Authenticate and obtain an API token:
API_TOKEN=$(
  curl -sS -X POST http://127.0.0.1:18081/api/me \
    -H 'Content-Type: application/json' \
    --data '{"email":"admin@koel.dev","password":"KoelIsCool"}' \
  | python3 -c 'import json,sys; print(json.load(sys.stdin)["token"])'
)
  1. Obtain the user's Subsonic API key:
SUBSONIC_KEY=$(
  curl -sS http://127.0.0.1:18081/api/data \
    -H "Authorization: Bearer $API_TOKEN" \
  | python3 -c 'import json,sys; print(json.load(sys.stdin)["current_user"]["subsonic_api_key"])'
)
  1. Prepare an internal-only target URL. In my validation, I used a host-side RSS fixture reachable from the container through the Docker bridge:
TARGET_URL="http://172.17.0.1:18090/feed.xml?run=1"
  1. Confirm the regular web API blocks the URL:
curl -i -X POST http://127.0.0.1:18081/api/podcasts \
  -H "Authorization: Bearer $API_TOKEN" \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  --data "{\"url\":\"$TARGET_URL\"}"

Expected result:

  • HTTP 422
  • Error includes The url must point to a public URL.

  • Trigger the Subsonic route with the same URL:

curl -i -G http://127.0.0.1:18081/rest/createPodcastChannel.view \
  --data-urlencode "apiKey=$SUBSONIC_KEY" \
  --data-urlencode 'f=json' \
  --data-urlencode "url=$TARGET_URL"

Expected result:

  • HTTP 200
  • JSON includes "status":"ok"

  • Confirm the server-side request happened by checking the internal HTTP service logs.

During validation, the local HTTP test server received HEAD and GET requests for /feed.xml?run=1.

Impact

An authenticated user can make Koel send server-side HTTP requests to internal destinations that are intentionally blocked by the main web API.

Validated impact: - SSRF to loopback, Docker-bridge, and RFC1918 HTTP destinations reachable from the Koel server - Internal service discovery and request execution through the podcast parser

Generic response-body exfiltration was not validated through this exact route. The confirmed impact is SSRF-based internal request execution.

Remediation

The Subsonic podcast request validator should apply SafeUrl, and the parser entry point should reject unsafe targets as defense in depth.

Suggested patch for app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php:

diff --git a/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php b/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php
--- a/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php
+++ b/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php
@@
 namespace App\Http\Requests\Subsonic;

 use App\Http\Requests\Request;
+use App\Rules\SafeUrl;
@@
     public function rules(): array
     {
         return [
-            'url' => ['required', 'string', 'url'],
+            'url' => ['required', 'string', 'url', new SafeUrl()],
         ];
     }
 }

Suggested defense-in-depth patch for app/Services/Podcast/PodcastService.php:

diff --git a/app/Services/Podcast/PodcastService.php b/app/Services/Podcast/PodcastService.php
--- a/app/Services/Podcast/PodcastService.php
+++ b/app/Services/Podcast/PodcastService.php
@@
     private function createParser(string $url): Poddle
     {
+        if (!$this->network->isSafeUrl($url)) {
+            throw FailedToParsePodcastFeedException::create($url);
+        }
+
         return Poddle::fromUrl($url, 5 * 60, $this->client);
     }
 }
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.6.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "phanan/koel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.7.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-15T17:07:16Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nKoel `v9.6.0` protects the regular podcast subscription API with `SafeUrl`, but the Subsonic-compatible `createPodcastChannel.view` route does not apply the same protection. An authenticated user can supply a private URL and cause Koel to fetch it server-side during podcast parsing.\n\nThis was validated against `v9.6.0` (`352ea5ec27fa22294da8fb6beacb3d5552f0d09c`) using the official `phanan/koel:9.6.0` image.\n\nThis is distinct from `GHSA-7j2f-6h2r-6cqc`, which fixed unsafe episode enclosure URLs in versions `\u003c= 9.3.4`. The issue here is a newer validation gap in the Subsonic route itself, still present in `v9.6.0`.\n\n### Details\n#### SafeUrl protects the regular podcast API only\n\nThe regular podcast subscription path validates the feed URL with `SafeUrl`:\n\n- `app/Http/Requests/API/Podcast/PodcastStoreRequest.php`\n\n```php\nreturn [\n    \u0027url\u0027 =\u003e [\u0027required\u0027, \u0027url\u0027, new SafeUrl()],\n];\n```\n\nThe Subsonic-compatible route does not:\n\n- `routes/subsonic.php`\n  - `createPodcastChannel.view`\n- `app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php`\n\n```php\nreturn [\n    \u0027url\u0027 =\u003e [\u0027required\u0027, \u0027string\u0027, \u0027url\u0027],\n];\n```\n\nThat creates the same kind of trust-boundary mismatch as the radio issue: the main API rejects private targets, while the compatibility route accepts them.\n\n#### The URL is fetched immediately by the podcast parser\n\nThe attacker-controlled URL is used by the podcast service during channel creation:\n\n- `app/Http/Controllers/Subsonic/CreatePodcastChannelController.php`\n- `app/Services/Podcast/PodcastService.php`\n\n`PodcastService::addPodcast()` calls:\n\n```php\n$parser = $this-\u003ecreateParser($url);\n```\n\nand `createParser()` resolves to:\n\n```php\nreturn Poddle::fromUrl($url, 5 * 60, $this-\u003eclient);\n```\n\nThis means the SSRF happens as part of the channel creation flow itself. No separate playback step is needed.\n\n#### This bypasses Koel\u0027s intended SSRF control for podcast URLs\n\nKoel already added `SafeUrl` to the regular podcast API and has already published a podcast-related SSRF advisory. The Subsonic route does not reuse that same control, so it reintroduces a server-side fetch primitive for private destinations.\n\n### PoC\nThe following steps were validated against the official `phanan/koel:9.6.0` image.\n\n1. Authenticate and obtain an API token:\n\n```bash\nAPI_TOKEN=$(\n  curl -sS -X POST http://127.0.0.1:18081/api/me \\\n    -H \u0027Content-Type: application/json\u0027 \\\n    --data \u0027{\"email\":\"admin@koel.dev\",\"password\":\"KoelIsCool\"}\u0027 \\\n  | python3 -c \u0027import json,sys; print(json.load(sys.stdin)[\"token\"])\u0027\n)\n```\n\n2. Obtain the user\u0027s Subsonic API key:\n\n```bash\nSUBSONIC_KEY=$(\n  curl -sS http://127.0.0.1:18081/api/data \\\n    -H \"Authorization: Bearer $API_TOKEN\" \\\n  | python3 -c \u0027import json,sys; print(json.load(sys.stdin)[\"current_user\"][\"subsonic_api_key\"])\u0027\n)\n```\n\n3. Prepare an internal-only target URL. In my validation, I used a host-side RSS fixture reachable from the container through the Docker bridge:\n\n```bash\nTARGET_URL=\"http://172.17.0.1:18090/feed.xml?run=1\"\n```\n\n4. Confirm the regular web API blocks the URL:\n\n```bash\ncurl -i -X POST http://127.0.0.1:18081/api/podcasts \\\n  -H \"Authorization: Bearer $API_TOKEN\" \\\n  -H \u0027Accept: application/json\u0027 \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  --data \"{\\\"url\\\":\\\"$TARGET_URL\\\"}\"\n```\n\nExpected result:\n\n- HTTP `422`\n- Error includes `The url must point to a public URL.`\n\n5. Trigger the Subsonic route with the same URL:\n\n```bash\ncurl -i -G http://127.0.0.1:18081/rest/createPodcastChannel.view \\\n  --data-urlencode \"apiKey=$SUBSONIC_KEY\" \\\n  --data-urlencode \u0027f=json\u0027 \\\n  --data-urlencode \"url=$TARGET_URL\"\n```\n\nExpected result:\n\n- HTTP `200`\n- JSON includes `\"status\":\"ok\"`\n\n6. Confirm the server-side request happened by checking the internal HTTP service logs.\n\nDuring validation, the local HTTP test server received `HEAD` and `GET ` requests for `/feed.xml?run=1`.\n\n### Impact\nAn authenticated user can make Koel send server-side HTTP requests to internal destinations that are intentionally blocked by the main web API.\n\nValidated impact:\n- SSRF to loopback, Docker-bridge, and RFC1918 HTTP destinations reachable from the Koel server\n- Internal service discovery and request execution through the podcast parser\n\nGeneric response-body exfiltration was not validated through this exact route. The confirmed impact is SSRF-based internal request execution.\n\n### Remediation\n\nThe Subsonic podcast request validator should apply `SafeUrl`, and the parser entry point should reject unsafe targets as defense in depth.\n\nSuggested patch for `app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php`:\n\n```diff\ndiff --git a/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php b/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php\n--- a/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php\n+++ b/app/Http/Requests/Subsonic/CreatePodcastChannelRequest.php\n@@\n namespace App\\Http\\Requests\\Subsonic;\n \n use App\\Http\\Requests\\Request;\n+use App\\Rules\\SafeUrl;\n@@\n     public function rules(): array\n     {\n         return [\n-            \u0027url\u0027 =\u003e [\u0027required\u0027, \u0027string\u0027, \u0027url\u0027],\n+            \u0027url\u0027 =\u003e [\u0027required\u0027, \u0027string\u0027, \u0027url\u0027, new SafeUrl()],\n         ];\n     }\n }\n```\n\nSuggested defense-in-depth patch for `app/Services/Podcast/PodcastService.php`:\n\n```diff\ndiff --git a/app/Services/Podcast/PodcastService.php b/app/Services/Podcast/PodcastService.php\n--- a/app/Services/Podcast/PodcastService.php\n+++ b/app/Services/Podcast/PodcastService.php\n@@\n     private function createParser(string $url): Poddle\n     {\n+        if (!$this-\u003enetwork-\u003eisSafeUrl($url)) {\n+            throw FailedToParsePodcastFeedException::create($url);\n+        }\n+\n         return Poddle::fromUrl($url, 5 * 60, $this-\u003eclient);\n     }\n }\n```",
  "id": "GHSA-w79m-f3jx-779v",
  "modified": "2026-07-15T17:07:16Z",
  "published": "2026-07-15T17:07:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/koel/koel/security/advisories/GHSA-w79m-f3jx-779v"
    },
    {
      "type": "WEB",
      "url": "https://github.com/koel/koel/pull/2545"
    },
    {
      "type": "WEB",
      "url": "https://github.com/koel/koel/commit/1331f335342b405e60ffabdd60f1f398508f996f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/koel/koel"
    },
    {
      "type": "WEB",
      "url": "https://github.com/koel/koel/releases/tag/v9.7.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Koel: Authenticated Blind SSRF via Subsonic Podcast Channel Creation"
}

GHSA-W7CR-RVWX-67Q2

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35
VLAI
Details

AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-24444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-10T06:15:00Z",
    "severity": "MODERATE"
  },
  "details": "AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.",
  "id": "GHSA-w7cr-rvwx-67q2",
  "modified": "2022-05-24T17:35:56Z",
  "published": "2022-05-24T17:35:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24444"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-72.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-W7JH-XMQ5-2M7V

Vulnerability from github – Published: 2026-05-06 18:30 – Updated: 2026-05-06 18:30
VLAI
Details

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.

This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20035"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T17:16:20Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.\n\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.",
  "id": "GHSA-w7jh-xmq5-2m7v",
  "modified": "2026-05-06T18:30:31Z",
  "published": "2026-05-06T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20035"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7QP-VGWJ-6G7R

Vulnerability from github – Published: 2024-05-23 03:30 – Updated: 2026-04-08 18:33
VLAI
Details

The WPCafe – Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-23T02:15:08Z",
    "severity": "MODERATE"
  },
  "details": "The WPCafe \u2013 Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application.",
  "id": "GHSA-w7qp-vgwj-6g7r",
  "modified": "2026-04-08T18:33:13Z",
  "published": "2024-05-23T03:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1855"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wp-cafe/trunk/core/action/wpc-ajax-action.php#L76"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3084054/wp-cafe/trunk/core/action/wpc-ajax-action.php"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f83c19e-1b75-4fea-b4de-f7f844a449c0?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7QX-243M-39P4

Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:54
VLAI
Details

In Mendix 7.23.5 and earlier, the Excel importer module is vulnerable to SSRF, which allows attackers to craft requests from Mendix servers to any destination on the internet or a Mendix internal network, perform port scanning, and disclose lists of files located on Mendix servers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-12996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-10T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Mendix 7.23.5 and earlier, the Excel importer module is vulnerable to SSRF, which allows attackers to craft requests from Mendix servers to any destination on the internet or a Mendix internal network, perform port scanning, and disclose lists of files located on Mendix servers.",
  "id": "GHSA-w7qx-243m-39p4",
  "modified": "2024-04-04T01:54:59Z",
  "published": "2022-05-24T16:55:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12996"
    },
    {
      "type": "WEB",
      "url": "https://docs.mendix.com/releasenotes/studio-pro/7.23#7236"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7WG-W2G9-VMJQ

Vulnerability from github – Published: 2026-07-03 06:32 – Updated: 2026-07-03 06:32
VLAI
Details

The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpie_import_upload_file_from_url AJAX action. The plugin's URL downloader first calls wp_safe_remote_get() (which correctly blocks private/reserved IP ranges), but when that call returns a WP_Error — the exact outcome for any blocked internal host — the Download::download_file() method falls back to GuzzleHttp\Client::request() with the original attacker-supplied URL and no SSRF protection (and with TLS verification disabled). This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services such as the cloud metadata endpoint at 169.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-03T06:16:20Z",
    "severity": "MODERATE"
  },
  "details": "The WP Import Export Lite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 3.9.30 via the wpie_import_upload_file_from_url AJAX action. The plugin\u0027s URL downloader first calls wp_safe_remote_get() (which correctly blocks private/reserved IP ranges), but when that call returns a WP_Error \u2014 the exact outcome for any blocked internal host \u2014 the Download::download_file() method falls back to GuzzleHttp\\Client::request() with the original attacker-supplied URL and no SSRF protection (and with TLS verification disabled). This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services such as the cloud metadata endpoint at 169.",
  "id": "GHSA-w7wg-w2g9-vmjq",
  "modified": "2026-07-03T06:32:06Z",
  "published": "2026-07-03T06:32:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11397"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/tags/3.9.30/includes/classes/import/downloader/download.php#L31"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/tags/3.9.30/includes/classes/import/downloader/download.php#L97"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/tags/3.9.30/includes/classes/import/extensions/url-upload/class-wpie-url-upload.php#L29"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/tags/3.9.30/includes/classes/import/extensions/url-upload/wpie_url_upload.php#L44"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/trunk/includes/classes/import/downloader/download.php?rev=3587811"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94384812-fa6e-48db-a84a-b1769e62ca58?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W852-7R27-32C6

Vulnerability from github – Published: 2026-06-02 21:30 – Updated: 2026-06-02 21:30
VLAI
Details

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints at internal addresses such as cloud instance metadata services, internal databases, or container orchestration endpoints to exfiltrate IAM credentials and patient health records via the POST body containing full FHIR resource payloads.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-49120"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-02T20:16:39Z",
    "severity": "MODERATE"
  },
  "details": "Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints at internal addresses such as cloud instance metadata services, internal databases, or container orchestration endpoints to exfiltrate IAM credentials and patient health records via the POST body containing full FHIR resource payloads.",
  "id": "GHSA-w852-7r27-32c6",
  "modified": "2026-06-02T21:30:43Z",
  "published": "2026-06-02T21:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49120"
    },
    {
      "type": "WEB",
      "url": "https://github.com/medplum/medplum/pull/9334"
    },
    {
      "type": "WEB",
      "url": "https://github.com/medplum/medplum/commit/87595e98d756d840d70d9dc87beb9d4f9e158b59"
    },
    {
      "type": "WEB",
      "url": "https://github.com/medplum/medplum/releases/tag/v5.1.14"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/medplum-ssrf-via-fhir-subscription-endpoint"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.